Question:

Salesforce Shield Encryption Evidence Post Spring 17 Release

Jayden: 2 weeks ago

Post Spring '17 release, the “View Encrypted Data” permission and its resulting masking behavior will no longer be available, and users can see encrypted field data in plaintext if they have access to the field.

In this case, as a developer, how can we ensure that the data in the field is actually encrypted at rest in the database after enabling encryption on a field? What kind of evidence can we provide to an auditor if encryption is an audit requirement?

Answer:
Beau: 2 weeks ago

The most straightforward way to ensure that your data is encrypted is to destroy your tenant secret. Once you do it, you should see "?????" for all your encrypted data instead of the actual plaintext value, and if you re-import your tenant secret, you should see your data showing up again.

Aside from this direct method, there are two recent ways that can hopefully help you assess the state of your data encryption-wise and the usage of the encryption keys.

  1. The encryption statistics give you more insight about the state of your data:

    https://releasenotes.docs.salesforce.com/en-us/winter18/release-notes/rn_security_pe_encryption_statistics_beta.htm

  2. If you also have the platform monitoring option (part of Shield), you can have fine-grained access to all the events related to the usage of your tenant secrets:

    https://releasenotes.docs.salesforce.com/en-us/winter18/release-notes/rn_security_em_eventlogfile_platform_encryption.htm